923223 – (CVE-2015-1083) VUL-0: Various WebKit security issues.

Bug 923223 (CVE-2015-1083) - VUL-0: Various WebKit security issues.

Summary: VUL-0: Various WebKit security issues.

Status:	RESOLVED FIXED

Alias:	CVE-2015-1083

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Federico Mena Quintero
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/114920/
Whiteboard:	CVSSv2:NVD:CVE-2015-1075:6.8:(AV:N/AC...
Keywords:

Depends on:	1069669
Blocks:
	Show dependency tree / graph

Clone This Bug

Reported:	2015-03-19 15:44 UTC by Marcus Meissner
Modified:	2021-09-01 11:55 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2015-03-19 15:44:16 UTC

Apple has announced a new Safari / Webkit release which fixes a lot of CVEs.

APPLE-SA-2015-03-17-1

http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html


APPLE-SA-2015-03-17-1  Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4

Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4 are now available and
address the following:

WebKit
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-1068 : Apple
CVE-2015-1069 : Apple
CVE-2015-1070 : Apple
CVE-2015-1071 : Apple
CVE-2015-1072
CVE-2015-1073 : Apple
CVE-2015-1074 : Apple
CVE-2015-1075 : Google Chrome Security team
CVE-2015-1076
CVE-2015-1077 : Apple
CVE-2015-1078 : Apple
CVE-2015-1079 : Apple
CVE-2015-1080 : Apple
CVE-2015-1081 : Apple
CVE-2015-1082 : Apple
CVE-2015-1083 : Apple

WebKit
Impact:  Inconsistent user interface may prevent users from
discerning a phishing attack
Description:  A user interface inconsistency existed in Safari that
allowed an attacker to misrepresent the URL. This issue was addressed
through improved user interface consistency checks.
CVE-ID
CVE-2015-1084 : Apple

Comment 1 Swamp Workflow Management 2015-03-19 23:00:32 UTC

bugbot adjusting priority

Comment 4 Marcus Meissner 2021-09-01 11:55:43 UTC

likely fixed where needed and possible, addressed in other bugs